af2c380db8482578e94fee7443624627_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af2c380db8482578e94fee7443624627_JaffaCakes118
Size

112KB
MD5

af2c380db8482578e94fee7443624627
SHA1

9f4c54f972baed11addae25543d100e1888b8017
SHA256

fe374f63f73a4ed746d397fe73cab97f3293062d1fafa089769d37852ed903bf
SHA512

509a37525b0ecaf1d506bcaf7515d5a7162177c6dd09e51042ab1f672d4f2b52e940ebb883838767490ffdfe6b296f5c0c99030b78eb7b346293678fd08af543
SSDEEP

3072:tEpK5vAD62s3N84FfAAw7tFfGpdnKms9VLg:tDv1vdkBRFsSV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af2c380db8482578e94fee7443624627_JaffaCakes118

Files

af2c380db8482578e94fee7443624627_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2887ac48647a4862f4d6da3971cf6f67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetDIBits
CreateDCA
CreateDIBSection
BitBlt
SelectObject

user32

GetDC
GetSystemMetrics
CloseWindowStation
SetThreadDesktop
wsprintfA
ReleaseDC
GetDesktopWindow
SetProcessWindowStation
OpenWindowStationA
OpenInputDesktop
CloseWindow
IsWindow
SendMessageA
CreateWindowExA
mouse_event
keybd_event
SetCursorPos
GetParent
GetClassNameA
GetWindowLongA
GetWindowTextA
GetKeyNameTextA
CallNextHookEx
ExitWindowsEx
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx

kernel32

SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteFileA
GetDriveTypeA
GetDiskFreeSpaceExA
lstrlenA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
CloseHandle
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
TerminateThread
Sleep
CreateThread
FreeConsole
GetVersionExA
lstrcatA
GetLocalTime
IsDBCSLeadByte
GetTickCount
GetCurrentThreadId
WinExec
GetLastError
IsBadReadPtr
Process32Next
LocalSize
OpenProcess
Process32First
CreateToolhelp32Snapshot
TerminateProcess
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
CreatePipe
ExitThread
PeekNamedPipe
DisconnectNamedPipe
WaitForMultipleObjects
WaitForSingleObject
SetErrorMode
GetModuleHandleA
CreateEventA
SetEvent
ResetEvent
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
HeapSize
ExitProcess
LeaveCriticalSection
EnterCriticalSection
TlsGetValue
IsBadCodePtr
GetCPInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
LCMapStringA
LCMapStringW
SetStdHandle
SetLastError
TlsFree
TlsAlloc
TlsSetValue
RaiseException
GetVersion
GetCommandLineA
GetCurrentProcess
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte

ws2_32

inet_addr
htons
WSASocketA
inet_ntoa
ntohs
connect
gethostname
__WSAFDIsSet
WSACleanup
WSAStartup
recv
select
send
getpeername
closesocket
getsockname

shell32

SHGetFileInfoA

advapi32

SetServiceStatus
CloseServiceHandle
RegDeleteKeyA
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegisterServiceCtrlHandlerExA

dbghelp

MakeSureDirectoryPathExists

avicap32

capCreateCaptureWindowA

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

urlmon

URLDownloadToFileA

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

ServiceMain

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2887ac48647a4862f4d6da3971cf6f67

Headers

File Characteristics

Imports

gdi32

user32

kernel32

ws2_32

shell32

advapi32

dbghelp

avicap32

wininet

urlmon

imm32

psapi

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 15KB

.shared Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 15KB

.shared
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB